Categories: Malware

Should I remove “Mikey.139400”?

The Mikey.139400 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Mikey.139400 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Checks adapter addresses which can be used to detect virtual network interfaces
Dynamic (imported) function loading detected
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial language used in binary resources: Korean
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Enumerates services, possibly for anti-virtualization
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Deletes its original binary from disk
Behavioural detection: Injection (inter-process)
Installs itself for autorun at Windows startup
Installs itself for autorun at Windows startup
CAPE detected the Tofsee malware family
Deletes executed files from disk
Attempts to interact with an Alternate Data Stream (ADS)
Uses suspicious command line tools or Windows utilities

How to determine Mikey.139400?


File Info:
name: 8A024052D87D1FBA675A.mlwpath: /opt/CAPEv2/storage/binaries/493efbc38a2c8fe0cfd124215fc3868a9591223dcc6e53197e56e93ffe2d382acrc32: CBF09220md5: 8a024052d87d1fba675a0d6caddb84f6sha1: ea81c8f9e808bd4fb1dfcf0eecc8123eb9daa352sha256: 493efbc38a2c8fe0cfd124215fc3868a9591223dcc6e53197e56e93ffe2d382asha512: cddda8b166c9fc69c32ee8c792e55277f164e599874b8b2ece21b93a15452c9b0777ca3cfe313d0fd8d4601fef8b45415c92668b8f71806d969c0299d745e2ffssdeep: 6144:cvD6Fdh8RMzshHjwFTGoX3dvOHK6e/MHK+I7ki:qWqmzSHjwDXtmq6YMHtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12B549E10BA50D035F1F722F84A7A92A8B92D3ED19B6450CB62D47AEE57346E0FC3131Bsha3_384: 70c3f6f849757390a695e89195e26290b321f2a694dc8998d8f5c2fc0566017269c1d845e1ea2c2c837194b2ed02805bep_bytes: 8bff558bece896a60000e8110000005dtimestamp: 2021-07-24 21:40:35
Version Info:
Translations: 0x0152 0x036f

Mikey.139400 also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Mikey.139400
FireEye	Generic.mg.8a024052d87d1fba
CAT-QuickHeal	Ransom.Stop.P5
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.9e808b
Cyren	W32/Agent.ETY.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Mikey.139400
Sophos	ML/PE-A + Troj/Krypt-FV
McAfee-GW-Edition	BehavesLike.Win32.Virut.dh
Trapmine	malicious.moderate.ml.score
GData	Win32.Trojan.PSE.10CPGR
Cynet	Malicious (score: 100)
McAfee	Packed-GEE!8A024052D87D
MAX	malware (ai score=89)
VBA32	BScope.Trojan.Crypt
APEX	Malicious
Rising	Trojan.Generic@AI.97 (RDML:tSQhES6C31/nlM9Sa5OUBw)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.HEQT!tr
CrowdStrike	win/malicious_confidence_100% (D)